Security News

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

Is the future of information security and tech conferences virtual?While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. Understanding the basics of API securityThis is the first of a series of articles that introduces and explains application programming interfaces security threats, challenges, and solutions for participants in software development, operations, and protection.

Attackers have been targeting the Sophos XG Firewall using a zero-day exploit, according to the security firm - with the ultimate goal of dropping the Asnarok malware on vulnerable appliances. Firewalls manually configured to expose a firewall service to the WAN zone that shares the same port as the admin or user portal were also affected," the firm explained.

Aside from plugging the security hole, the hotfix detects if the firewall was hit by attackers and, if it was, stops it from accessing any attacker infrastructure, cleans up remnants from the attack, and notifies administrators about it so that they can perform additional remediation steps. The zero-day affects all versions of XG Firewall firmware on both physical and virtual Sophos firewalls.

Cybersecurity company Sophos informed customers over the weekend that it has patched a zero-day vulnerability that has been exploited to deliver malware to its XG Firewall appliances. An investigation revealed that attackers have been exploiting a previously unknown SQL injection vulnerability to hack exposed physical and virtual firewalls.

Sophos XG Firewall hacked in the wild - hotfix available. Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability - after hackers were spotted exploiting the hole in the wild.

In September last year, Sophos made Sandboxie free, while also announcing that it was transitioning the tool to open source. "Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool! We're excited to give the code to the community," the company announced on its forums.

There's been a bump in the road, a stick in the wheel, because Sophos was a member of the UK government's "Cycle to work" scheme - which offers staff loans to pay for bicycles and related stuff like lights, helmets and panniers. The trouble is that the bike scheme is regulated by the Financial Conduct Authority.

Want 50% off Sophos Home? You can get it here!

The SophosLabs 2020 Threat Report highlights a growing battle as smart automation technologies continue to evolve.